The Infrastructure of Emotet Malware is Expanding Rapidly

by CISOCONNECT Bureau

The dreaded Emotet malware has returned, riding on TrickBot. Some recent developments in the malware world, though, are rather concerning.

By the end of Tuesday, Emotet operators had grown their C2 infrastructure from eight to fourteen. Furthermore, after reviewing Emotet’s code, some researchers confirmed that the malware, as well as its infrastructure, has been upgraded for safer and more resilient operation. They also stated that the new Emotet operator(s) had access to the source code of the original malware, which was shut down by law enforcement agencies. Cryptolaemus researchers discovered a new development in malware delivery in the form of URL-based lures, in addition to the traditional method of propagation via .zip and .docm attachments.

According to AdvIntel’s research, the resurrected Emotet will cause the largest upheaval in the threat environment in 2021 because Emotet’s loader capabilities are unrivalled. These capabilities are in line with the current cybercrime market’s demands. The combined impact of the above points is the result of the TrickBot-Emotet-Conti trio.

Emotet’s resurgence is a direct outcome of the Conti gang persuading the former’s operator to resurrect the malware. Top-tier gangs like Conti and DoppelPaymer were left without a viable option for high-quality initial access after Emotet was shut down. Conti urged Emotet operators to return, backed by at least one former member of Ryuk (Conti’s predecessor) and TrickBot (Emotet’s largest client). Conti will deliver its payloads to top targets using Emotet, according to AdvIntel experts, as it grows to become a dominating name in the ransomware landscape.

Concluding Words
Emotet’s reappearance in the cybercrime ecosystem is no coincidence, and it will result in significant transformations. Better opportunities for botnet developers, such as those behind Emotet, are appearing as the ransomware world becomes increasingly monopolistic. Furthermore, a partnership between TrickBot, Emotet, and Conti is considered to be a viable option for cybercriminals.
